<?php
require_once ("../../includes/seglogin.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<link href="/vulntotex/includes/google-code-prettify/src/prettify.css" type="text/css" rel="stylesheet" />
<script type="text/javascript" src="/vulntotex/includes/google-code-prettify/src/prettify.js"></script>


<title><?php titulo()?></title>
<link rel="shortcut icon" href="favicon.ico">
</head>

<body onload="prettyPrint()">

<?php 

if(isset($_GET['solution'])){ ?>

<span class="source">Código Solución</span><br/>
<input type="button" value="Volver" style="color:#FFFFFF;background-color:#000000;" onClick="location.href='<?php echo obt_raiz();?>'"/><br/>
<pre class="prettyprint" id="com"> 
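	// CSRF fix: the comment is deleted only when the request carries the
	// anti-CSRF token stored in the user's session (assumed to be random and
	// per-session; its generation is not shown here).
	// - The session token must exist and both values must be strings: a loose ==
	//   comparison treats an empty token parameter as equal to an unset session
	//   token, which would let the check pass without any real token.
	// - hash_equals() (PHP 5.6+) compares the two strings in constant time.
	// - ctype_digit() accepts decimal digits only; is_numeric() also accepts
	//   forms such as "1e3" or "1.5".
	// NOTE(review): the token shows the request came from this session, not that
	// this user may delete this particular comment - confirm an ownership check.
	// NOTE(review): a state-changing action is better sent by POST than GET, so
	// the token does not end up in URLs, server logs or Referer headers.
	if(isset($_GET['id_com'], $_GET['token'], $_SESSION['usuario']['token'])
	&& is_string($_GET['id_com']) && ctype_digit($_GET['id_com'])
	&& is_string($_GET['token']) && is_string($_SESSION['usuario']['token'])
	&& hash_equals($_SESSION['usuario']['token'], $_GET['token'])){

		// The (int) cast keeps the concatenated value a plain integer.
		// NOTE(review): mysql_query() was removed in PHP 7; a prepared statement
		// through mysqli or PDO is the preferred form.
		$consulta = "DELETE FROM comentarios WHERE id_comentario=".(int)$_GET['id_com'];
		$res = mysql_query($consulta);
	}
	// Stop after the redirect so nothing further in the script runs.
	header("Location:".obt_raiz());
	exit;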
</pre>
<?php }
else {?>
<span class="source">Código Vulnerable</span><br/>
<input type="button" value="Volver" style="color:#FFFFFF;background-color:#000000;" onClick="location.href='<?php echo obt_raiz();?>'"/><br/>
<pre class="prettyprint" id="com"> 
// Intentionally vulnerable sample (CSRF): the only checks are that id_com is
// present and numeric. Nothing ties the request to a form the user meant to
// submit, so - presumably with session-cookie authentication - any request the
// logged-in browser sends to this URL deletes the comment.
// The fix shown in the solution view of this page additionally requires the
// anti-CSRF token held in the session.
if(isset($_GET['id_com']) && is_numeric($_GET['id_com'])){
		$consulta = "DELETE FROM comentarios WHERE id_comentario=".$_GET['id_com'];
		$res = mysql_query($consulta);
	}
	

</pre>
<?php }?>

</body>
</html>